Software / code / prosody
Changeset
13324:6f371066d6e0
util.prosodyctl.check: Simplify conditions for c2s and s2s cert checks
This code is hard to follow and in need of some refactoring.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 13 Nov 2023 09:43:54 +0100 |
| parents | 13323:7bfd6db52528 |
| children | 13325:f32faaea3461 |
| files | util/prosodyctl/check.lua |
| diffstat | 1 files changed, 3 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/util/prosodyctl/check.lua Sun Nov 12 13:02:38 2023 +0100 +++ b/util/prosodyctl/check.lua Mon Nov 13 09:43:54 2023 +0100 @@ -1131,6 +1131,7 @@ cert_ok = false else for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do + local modules = modulemanager.get_modules_for_host(host); print("Checking certificate for "..host); -- First, let's find out what certificate this host uses. local host_ssl_config = configmanager.rawget(host, "ssl") @@ -1172,12 +1173,11 @@ elseif not cert:validat(os.time() + 86400*31) then print(" Certificate expires within one month.") end - if select(2, modulemanager.get_modules_for_host(host)) == nil - and not x509_verify_identity(host, "_xmpp-client", cert) then + if modules:contains("c2s") and not x509_verify_identity(host, "_xmpp-client", cert) then print(" Not valid for client connections to "..host..".") cert_ok = false end - if (not (api(host):get_option_boolean("anonymous_login", false) + if modules:contains("s2s") and (not (api(host):get_option_boolean("anonymous_login", false) or api(host):get_option_string("authentication", "internal_hashed") == "anonymous")) and not x509_verify_identity(host, "_xmpp-server", cert) then print(" Not valid for server-to-server connections to "..host..".")
